Improve FTP Security Using vsftpd with SSL/TLS

Plain (unencrypted) FTP is not secure: all data, including the FTP username and password, is sent as plain text, so an attacker who can observe the traffic can read it. The best thing to do in this case is to secure the FTP transfer by encrypting the data with SSL/TLS.

In this tutorial we will go through how an FTP server (the server on which the FTP server-side software is installed) can be secured with SSL/TLS, thereby making file transfers secure. It is intended to help secure shared hosting servers with SSL/TLS encryption.

vsftpd (Very Secure FTP Daemon) is a fast, reliable and secure FTP server application.

Installing vsftpd

You can install vsftpd easily via yum as it is available in the default CentOS repository.

yum install vsftpd

Edit vsftpd configuration file to tighten security

Open the vsftpd configuration file (by default: /etc/vsftpd/vsftpd.conf) and add the following lines.

nano /etc/vsftpd/vsftpd.conf

Disable anonymous login


Use Linux system users and authentication for login


Enable write privilege to modify content


Limit the FTP user access to respective home directory.


Setup SSL for vsftpd

Create a new directory for storing the SSL files (certificate and key).

mkdir /etc/ssl/private

We can create the SSL certificate and the key in a single file with the openssl command. A 2048-bit RSA key is used here, as 1024-bit RSA keys are no longer considered strong enough.

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem

This will prompt for a few certificate details. Fill in the answers and press ‘Enter’ after each one.


Modify vsftpd config to add SSL/TLS Information

Open the vsftpd config file

nano /etc/vsftpd/vsftpd.conf

Add the following lines to specify the location of the certificate and key file



To enable SSL on FTP login and data transfer, add the following lines





To explicitly allow TLS and deny SSL, add the following lines




Add these recommended SSL settings as well



Restart vsftpd service for the changes to take effect.

/etc/init.d/vsftpd restart

This will enable secure file transfers between the local machine and the FTP server.
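
One way to check the finished /etc/vsftpd/vsftpd.conf against the steps above (an added example, not part of the original tutorial). The option names are standard vsftpd directives; the expected values are this example's reading of each step heading, and the sample configuration is constructed.

```python
import sys
# Expected values are this example's reading of the tutorial's step headings.
EXPECTED = {
    "anonymous_enable": "NO",         # disable anonymous login
    "local_enable": "YES",            # log in as Linux system users
    "write_enable": "YES",            # allow modifying content
    "chroot_local_user": "YES",       # confine users to their home directory
    "ssl_enable": "YES",              # turn on SSL/TLS support
    "force_local_logins_ssl": "YES",  # credentials only over TLS
    "force_local_data_ssl": "YES",    # file data only over TLS
    "ssl_tlsv1": "YES",               # allow TLS
    "ssl_sslv2": "NO",                # deny SSLv2
    "ssl_sslv3": "NO",                # deny SSLv3
}
REQUIRED_PATHS = ("rsa_cert_file", "rsa_private_key_file")

SAMPLE = """\
# constructed sample with two mistakes: anonymous login on, SSLv3 allowed
anonymous_enable=YES
local_enable=YES
write_enable=YES
chroot_local_user=YES
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
ssl_enable=YES
force_local_logins_ssl=YES
force_local_data_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=YES
"""

def parse_conf(text):
    """Parse option=value lines, skipping blanks and '#' comments."""
    pairs = (l.strip().split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return dict(pairs)  # the last occurrence of an option is kept

def audit(text):
    """Return findings; unset options are reported too, so nothing rests on defaults."""
    conf = parse_conf(text)
    findings = [f"{k}={conf.get(k, '<unset>')} (want {want})"
                for k, want in EXPECTED.items() if conf.get(k, "").upper() != want]
    findings += [f"{k}: no path configured" for k in REQUIRED_PATHS if not conf.get(k)]
    return findings

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    print("\n".join(audit(text)) or "OK")
```

Run it with the path to the configuration file as its argument; with no argument it audits the constructed sample.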

We hope you have found this tutorial on how to install vsftpd with SSL/TLS on a CentOS server useful.

Thanks for reading and leave your questions below to keep the conversation going.
